You're welcome.
I did the legwork but I asked GPT to summarise my findings. It took me about an hour but was intensely interesting. Their site is vulnerable to XSS attacks (if I knew their server version, which I don't other than that it's running on Apache), header insertions, brute-forcing, and DDoS. All of which are illegal. So I stopped entertaining those ideas.
This is the most damning evidence (aside from general landing page vulnerabilities):
The hosting provider's abuse contact is listed as "16 Collyer Quay, #18-29, Income at Raffles, Singapore", which is a well-known address for virtual offices rather than an actual operational location.
